Skip to main content

AWS Cloud Security

ISO/IEC 27018:2019 Compliance

Overview

ISO/IEC 27018:2019 is a code of practice that focuses on protection of personal data in the cloud. It is based on ISO/IEC information security standard 27002 and provides implementation guidance on ISO/IEC 27002 controls applicable to public cloud Personally Identifiable Information (PII). It also provides a set of additional controls and associated guidance intended to address public cloud PII protection requirements not addressed by the existing ISO/IEC 27002 control set.

Page topics

FAQs

Open all

Alignment demonstrates to customers that AWS has a system of controls in place that specifically address the privacy protection of their content. AWS' alignment with and independent third-party assessment of this internationally recognized code of practice demonstrates AWS' commitment to the privacy and protection of customers' content.

The covered AWS Regions that are in scope can be found on the AWS ISO/IEC 27018:2019 certification.

Yes, AWS maintains the high bar of data protection and privacy controls outlined in ISO/IEC 27018:2019 for all customer content, regardless of whether or not any particular data is PII.

ISO/IEC 27018:2019 along with many other economic, environmental and social standards are available on the ISO website. ISO has made the decision to copyright these standards in an effort to help fund the processes leading to development.

EY CertifyPoint, an ISO certifying agent accredited by the Dutch Accreditation Council, a member of the International Accreditation Forum (IAF). Certificates issued by EY CertifyPoint are recognized as valid certificates in all countries with an IAF member.

The covered AWS services that are already in scope for ISO/IEC 27018:2019 can be found on ISO Certified. If you would like to learn more about using these services and/or have interest in other services please contact us.